Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) B14082-02 |
|
Previous |
Next |
At the end of a successful installation, the OID Monitor, oidmon
, and an instance of the Directory Server, oidldapd
, are running.
Notes:
|
Before configuring and using Oracle Internet Directory, you must perform the tasks described in this chapter. This chapter also lists the locations of the log files of the various Oracle Internet Directory components.
This section contains these topics:
To meet the needs of your environment, you must customize the default security configuration. Table 3-1 lists and describes the tasks you must perform to do this.
Table 3-1 Tasks to Reset the Default Security Configuration
Task Area | Description |
---|---|
Protect the |
Information about the directory is contained in the subentry |
Establish access to entries |
When you load directory entries, you are creating a hierarchy of directory entries. You must therefore establish:
|
Modify default access policies |
Oracle Internet Directory is installed with a default security configuration described in Chapter 17, "Delegation of Privileges for an Oracle Technology Deployment". Before you begin using the directory, you can modify this default configuration to meet the needs of your environment and ensure that each user has the appropriate authorization. |
Modify the default password policy |
Password polices are sets of rules that govern how passwords are used. Oracle Internet Directory is installed with a default password policy that you can modify to meet the needs of your environment. |
Modify the password of the super user |
The super user has full access to directory information. The default user name of the super user is |
See Also:
|
Caution: Be careful when modifying the default ACLs in any Oracle Context. Doing so can disable the security of Oracle components in your environment. See component-specific documentation for details on whether you can safely modify the default ACLs in an Oracle Context. |
Oracle Internet Directory uses a password when connecting to its desginated Oracle database. The default for this password is the same as that specified during installation for the Oracle Application Server administrator (ias_admin). Change this default password by using the OID Database Password Utility.
See Also: The "oidpasswd" command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes |
If you load data into the directory by any means other than the bulkload tool (bulkload.sh
), then you must run the OID Database Statistics Collection tool, $ORACLE_HOME/ldap/admin/oidstats.sql
, after loading. This enables the Oracle Optimizer to choose an optimal plan for executing queries corresponding to LDAP operations. You can run OID Database Statistics Collection tool at any time without shutting down any of the OID daemons.
Note: To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:
|
If you have upgraded Oracle Internet Directory from Release 9.0.2 to Release 10.1.2, perform the following tasks.
When upgrading Oracle Internet Directory from Release 9.0.2 to Release 10.1.2, the following ACL policy needs to be set on the groups container in the realm. The ACL policy should allow members of the group cn=Common Group Attributes,cn=groups,
Oracle_Context_DN
browse, search, and read access for private and public groups—that is, for groups where orclIsVisible
is either not set or is set to TRUE
or FALSE
. This ACL is described in the Oracle Internet Directory Administrator's Guide, in Chapter 17, in the section "Default Privileges for Reading Common Group Attributes".
The "Common Group Attributes" group is used by OracleAS Portal to query private and public groups. The ACI must to be added on the groups container. Change the Realm DN
to the DN of the Realm and the DN of groups container in the realm
to the appropriate group search base.
dn: DN of groups container in the realm changetype: modify add: orclaci orclaci: access to entry filter=(!(orclisvisible=false)) by group="cn=Common Group Attributes,cn=groups, cn=Oracle Context, Realm DN" (browse) orclaci: access to attr=(*) filter=(!(orclisvisible=false)) by group="cn=Common Group Attributes,cn=groups,cn=Oracle Context, Realm DN" (search, read) orclaci: access to entry filter=(orclisvisible=false) by group="cn=Common Group Attributes,cn=groups,cn=Oracle Context, Realm DN" (browse) orclaci: access to attr=(*) filter=(orclisvisible=false) by group="cn=Common Group Attributes,cn=groups, cn=Oracle Context, Realm DN" (search, read)
During installation of Oracle Application Server or third-party products, you might be prompted for an Oracle Internet Directory or LDAP port. To find the specific port number assigned to Oracle Internet Directory at installation, see the file $ORACLE_HOME/config/ias.properties
. Look for the entries OIDport
and OIDsslport
.
The default port for enabling LDAP at Oracle Internet Directory installation time is 389. The Oracle Universal Installer always tries that port as its first choice. However, on many UNIX computers, /etc/services
includes a line for LDAP reserving port 389. When that line is present, the Installer opts instead for a port number between 3060 to 3129, inclusive.
To confirm the port at which Oracle Internet Directory is running, simply run the ldapbind
command-line tool, supplying either the host name and port number specified in the portlist.ini
file or an alternative port specified during the Oracle Internet Directory installation.
Oracle Internet Directory components output their log and trace information to log files in the ORACLE_HOME environment. Table 3-2 lists each component and the location of its corresponding log file.
Table 3-2 Log File Locations
Component | Log File Name |
---|---|
|
|
|
|
|
|
|
|
|
|
Note: The |
|
|
|
|
|
OPMN |
Log files for other Oracle Application Server components invoked by OPMN in |
|